Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  prefix filter questions

    Posted 03-12-2021 23:41
    I came across this prefix filter and do not quite understand during test.

    0.0.0.0/0 prefix-length-range /27-/32 reject

    Can anyone show me any prefixes matching this filter ?

    Before applying this filter list, I have the following:
    root@SRX1# run show route protocol bgp community 9876:512

    inet.0: 54 destinations, 68 routes (54 active, 0 holddown, 2 hidden)
    + = Active Route, - = Last Active, * = Both

    8.8.8.0/24 *[BGP/170] 23:50:15, localpref 150, from 172.30.15.2
    AS path: 512 8888 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    10.146.40.0/24 [BGP/170] 23:50:16, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.16.200.176/32 *[BGP/170] 23:50:15, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.30.15.2/32 [BGP/170] 00:13:40, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.30.80.4/30 [BGP/170] 23:50:16, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.30.80.8/30 [BGP/170] 23:50:16, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    173.250.165.0/31 *[BGP/170] 00:00:07, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13

    inet6.0: 50 destinations, 54 routes (50 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    2008:173:250:166::/127
    *[BGP/170] 09:25:59, localpref 150, from fd17:f0f4:f691:15::2
    AS path: 512 I, validation-state: unverified
    > to fe80::205:8600:d71:6102 via ge-0/0/2.13

    After applying that filter list, only prefix in red is gone.  I do not quite understand why only that prefix matches .

    Also why the following command lists nothing from the above ?
    root@SRX1# run show route receive-protocol bgp 172.30.15.2 match-prefix */27-31

    inet.0: 54 destinations, 68 routes (54 active, 0 holddown, 2 hidden)

    inet6.0: 50 destinations, 54 routes (50 active, 0 holddown, 0 hidden)

    thanks a lot !!



  • 2.  RE: prefix filter questions

    Posted 03-23-2021 13:45
    Ideally you should be able to reject following prefixes.

    172.16.200.176/32 *[BGP/170] 23:50:15, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.30.15.2/32 [BGP/170] 00:13:40, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.30.80.4/30 [BGP/170] 23:50:16, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    172.30.80.8/30 [BGP/170] 23:50:16, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13
    173.250.165.0/31 *[BGP/170] 00:00:07, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13

    However, ones without being active prefixes will anyway does not seem to be installed in your routing table as they do not seem to be the best path.

    ------------------------------
    Milind
    ------------------------------



  • 3.  RE: prefix filter questions

    Posted 03-23-2021 16:25
    I am sorry I still don't quite understand why  the following policy

    set policy-options policy-statement FromISP2 term 1 from route-filter 0.0.0.0/0 prefix-length-range /27-/32 reject


    filters out

    173.250.165.0/31 *[BGP/170] 00:00:07, localpref 150, from 172.30.15.2
    AS path: 512 I, validation-state: unverified
    > to 172.30.0.6 via ge-0/0/2.13

    thanks for taking a look at it.


  • 4.  RE: prefix filter questions

    Posted 03-24-2021 08:34
    this particular route-filter when using 0/0 is really an "any" route.  Then the prefix-length portion is matching any prefix that has a subnet mask of whatever is listed, in this case a /27-/32.  The route you show above, 173.250.165.0/31, is a match per the way the policy is written.


  • 5.  RE: prefix filter questions

    Posted 03-24-2021 12:20
    thanks so much for coaching !!